Due to limitations of the implementation in Hibernate 5, integer values are inlined as literals. In Hibernate 6, this was fixed, but there is no SQL injection possible. Even for string literals, the escaping is done to avoid SQL injection.